BETA


Events

2023/09/07
   EP - Amendments tabled in committee
Documents
2023/07/13
   EP - Committee draft report
Documents
2023/07/12
   EP - Specific opinion
Documents
2023/07/04
   EP - Specific opinion
Documents
2023/02/14
   EP - Committee opinion
Documents
2023/01/30
   EP - Committee opinion
Documents
2022/12/05
   EP - PAGAZAURTUNDÚA Maite (Renew) appointed as rapporteur in AFCO
2022/09/15
   EP - Referral to associated committees announced in Parliament
2022/07/13
   EP - VIRKKUNEN Henna (EPP) appointed as rapporteur in ITRE
2022/06/15
   EP - BILČÍK Vladimír (EPP) appointed as rapporteur in LIBE
2022/05/17
   EDPS - Document attached to the procedure
2022/05/16
   EP - LANGE Bernd (S&D) appointed as rapporteur in INTA
2022/05/11
   EP - PAET Urmas (Renew) appointed as rapporteur in AFET
2022/04/04
   EP - Committee referral announced in Parliament, 1st reading
2022/03/22
   EC - Document attached to the procedure
2022/03/22
   EC - Document attached to the procedure
2022/03/22
   EC - Legislative proposal published
Details

PURPOSE: to establish rules with a view to achieving a common high level of security for EU classified information and for non-classified information handled and stored by the EU institutions and bodies.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: given the ever-increasing volumes of non-classified sensitive information and EU classified information (EUCI) that the EU institutions and bodies have to share, and due to the dramatically evolving threats, the EU administration is exposed to attacks in all its areas of activity. The information handled by the EU institutions and bodies is of great interest to malicious actors and needs to be properly protected, which requires swift action to improve its protection.

Currently, the EU institutions and bodies either have their own rules on information security, based on their Rules of Procedure or their founding acts, or they have no rules at all. The lack of a common approach hinders the deployment of common tools building on an agreed set of rules depending on the security needs of the information to be protected.

Therefore, and in order to increase the protection of the information handled by the European administration, this initiative aims to streamline the different legal frameworks of the Union institutions and bodies in the field by:

- establishing harmonised and comprehensive categories of information, as well as common handling rules for all Union institutions and bodies,

- setting up a lean cooperation scheme on information security between Union institutions and bodies able to foster a coherent information security culture across the European administration,

- modernising the information security policies at all levels of classification/categorisation, for all Union institutions and bodies, taking into account the digital transformation and the development of teleworking as a structural practice.

This initiative is part of the EU strategy for the Security Union adopted by the Commission on 24 July 2020 and is part of a broad set of EU policies in the field of security and information security.

CONTENT: the proposed Regulation is intended to create a minimum set of rules on information security applicable to all EU institutions and bodies. It applies to all information handled and stored by the Union institutions and bodies, including information related to the European Atomic Energy Community activities, other than Euratom classified information. The Regulation covers both non-classified information and EUCI.

Security governance and organisation

The proposal foresees the creation of an inter-institutional information security coordination group in which the security authorities of all EU institutions and bodies would be represented. The coordination group would have the task of defining the common policy of these institutions and bodies in the field of information security. It should enhance the coherence of policies in the field of information security and contribute to the harmonisation of information security procedures and tools across the Union institutions and bodies.

The coordination group should draft guidance documents and create platforms for sharing best practices and knowledge on common issues relevant to information security and for providing assistance in case of information security incidents. It would regularly exchange with the national security authorities of the Member States, gathered in an Information Security Committee .

Five sub-groups of experts representing different institutions and bodies would be set up to streamline procedures and other practical aspects of information security.

Each EU institution or body would be required to designate a security authority , responsible for the definition and implementation of internal information security policies.

Information assurance and communication and information systems

The proposed Regulation establishes a sub-group on information assurance with the objective of enhancing the coherence across the Union institutions and bodies between the information security rules and the cybersecurity baseline as defined by the Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.

Non-classified information

The Regulation provides for three categories of non-classified information: (1) information for public use, (2) normal information and (3) sensitive non-classified information. All categories are defined, while markings and handling conditions are stipulated for protecting such information.

With a view to coordinating the work on equivalence between particular categories established by some Union institutions and bodies and common categories provided by the Regulation, the proposal sets up a sub-group on non-classified information.

Classified information (EUCI)

The section on general provisions provides for four levels of EUCI : (1) TRES SECRET UE/EU TOP SECRET, (2) SECRET UE/EU SECRET, (3) CONFIDENTIEL UE/EU CONFIDENTIAL, (4) RESTREINT UE/EU RESTRICTED. It also provides for an obligation of Union institutions and bodies to take the necessary security measures in accordance with the results of an information security risk management process.

The proposal also covers aspects of personnel security, physical security, EUCI management, protection in information and communication systems, industrial security, EUCI sharing and exchange of classified information.

The proposed regulation establishes sub-groups on information assurance, on non-classified information, on physical security, on accreditation of communication and information systems handling and storing EUCI and on EUCI sharing and exchange of classified information.

Documents

AmendmentsDossier
232 2022/0084(COD)
2022/11/09 AFCO 34 amendments...
source: 731.766
2022/12/05 ITRE 50 amendments...
source: 739.608
2023/09/07 LIBE 148 amendments...
source: 752.883

History

(these mark the time of scraping, not the official date of the change)

docs/2/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2022:258:TOC
New
https://eur-lex.europa.eu/oj/daily-view/L-series/EN/TXT/?uri=OJ:C:2022:258:TOC
docs/8
date
2023-09-07T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/LIBE-AM-752883_EN.html title: PE752.883
type
Amendments tabled in committee
body
EP
docs/7
date
2023-07-13T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/LIBE-PR-751547_EN.html title: PE751.547
type
Committee draft report
body
EP
docs/5
date
2023-06-27T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/INTA-AL-745524_EN.html title: PE745.524
committee
INTA
type
Specific opinion
body
EP
docs/6
date
2023-06-27T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/INTA-AL-745524_EN.html title: PE745.524
committee
INTA
type
Specific opinion
body
EP
docs/6/date
Old
2023-06-27T00:00:00
New
2023-07-12T00:00:00
docs/5
date
2023-06-22T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/AFET-AL-748999_EN.html title: PE748.999
committee
AFET
type
Specific opinion
body
EP
docs/6
date
2023-06-22T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/AFET-AL-748999_EN.html title: PE748.999
committee
AFET
type
Specific opinion
body
EP
docs/6/date
Old
2023-06-22T00:00:00
New
2023-07-04T00:00:00
docs/6
date
2023-06-27T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/INTA-AL-745524_EN.html title: PE745.524
committee
INTA
type
Specific opinion
body
EP
docs/5
date
2023-06-22T00:00:00
docs
url: https://www.europarl.europa.eu/doceo/document/AFET-AL-748999_EN.html title: PE748.999
committee
AFET
type
Specific opinion
body
EP
docs/4/docs/0/url
https://www.europarl.europa.eu/doceo/document/ITRE-AD-738558_EN.html
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
docs/4
date
2023-02-14T00:00:00
docs
title: PE738.558
committee
ITRE
type
Committee opinion
body
EP
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/3/docs/0/url
https://www.europarl.europa.eu/doceo/document/AFCO-AD-730186_EN.html
docs/3
date
2023-01-30T00:00:00
docs
title: PE730.186
committee
AFCO
type
Committee opinion
body
EP
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
committees/5
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
opinion
False
committees/5
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
rapporteur
name: JORON Virginie date: 2022-07-13T00:00:00 group: Identity and Democracy abbr: ID
committees/1
type
Committee Opinion
body
EP
committee_full
Constitutional Affairs
committee
AFCO
associated
False
rapporteur
name: PAGAZAURTUNDÚA Maite date: 2022-12-05T00:00:00 group: Renew Europe group abbr: Renew
committees/3
Old
type
Committee Opinion
body
EP
committee_full
International Trade
committee
INTA
associated
False
rapporteur
name: LANGE Bernd date: 2022-05-16T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
New
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
committees/4
Old
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
New
type
Committee Opinion
body
EP
committee_full
International Trade
committee
INTA
associated
False
rapporteur
name: LANGE Bernd date: 2022-05-16T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
committees/5
Old
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
rapporteur
name: VIRKKUNEN Henna date: 2022-07-13T00:00:00 group: Group of European People's Party abbr: EPP
New
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
rapporteur
name: JORON Virginie date: 2022-07-13T00:00:00 group: Identity and Democracy abbr: ID
committees/6
type
Committee Opinion
body
EP
committee_full
Constitutional Affairs
committee
AFCO
associated
False
rapporteur
name: DURAND Pascal date: 2022-06-20T00:00:00 group: Renew Europe group abbr: Renew
committees/6
Old
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
rapporteur
name: JORON Virginie date: 2022-07-13T00:00:00 group: Identity and Democracy abbr: ID
New
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
rapporteur
name: VIRKKUNEN Henna date: 2022-07-13T00:00:00 group: Group of European People's Party abbr: EPP
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
events/2
date
2022-09-15T00:00:00
type
Referral to associated committees announced in Parliament
body
EP
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
procedure/legal_basis/1
Rules of Procedure EP 57
commission/0/dg
Old
Informatics
New
Human Resources and Security
committees/5/rapporteur
  • name: JORON Virginie date: 2022-07-13T00:00:00 group: Identity and Democracy abbr: ID
committees/0/shadows
  • name: UŠAKOVS Nils group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
  • name: PAGAZAURTUNDÚA Maite group: Renew Europe group abbr: Renew
  • name: FREUND Daniel group: Group of the Greens/European Free Alliance abbr: Verts/ALE
  • name: KANKO Assita group: European Conservatives and Reformists Group abbr: ECR
  • name: ARVANITIS Konstantinos group: The Left group in the European Parliament - GUE/NGL abbr: GUE/NGL
committees/4/rapporteur
  • name: LANGE Bernd date: 2022-05-16T00:00:00 group: Group of Progressive Alliance of Socialists and Democrats abbr: S&D
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
docs/0
date
2022-03-22T00:00:00
docs
summary
type
Legislative proposal
body
EC
docs/3
date
2022-05-17T00:00:00
docs
type
Document attached to the procedure
body
EDPS
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
summary
committees/6/rapporteur
  • name: VIRKKUNEN Henna date: 2022-07-13T00:00:00 group: Group of European People's Party abbr: EPP
committees/3
Old
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
New
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
committees/4
type
Committee Opinion
body
EP
committee_full
International Trade
committee
INTA
associated
False
committees/6
Old
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
New
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
committees/2
type
Committee Opinion
body
EP
committee_full
Foreign Affairs
committee
AFET
associated
False
rapporteur
name: PAET Urmas date: 2022-05-11T00:00:00 group: Renew Europe group abbr: Renew
committees/3
Old
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
New
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
committees/5
Old
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
New
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
opinion
False
committees/1/rapporteur
  • name: DURAND Pascal date: 2022-06-20T00:00:00 group: Renew Europe group abbr: Renew
docs/0/docs/0
url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2022:0065:FIN:EN:PDF
title
EUR-Lex
docs/1/docs/0
url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2022:0066:FIN:EN:PDF
title
EUR-Lex
events/0/docs/0
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2022&nu_doc=0119
title
EUR-Lex
committees/0/rapporteur
  • name: BILČÍK Vladimír date: 2022-06-15T00:00:00 group: Group of European People's Party abbr: EPP
procedure/subject/2.80
Cooperation between administrations
procedure/subject/3.30.06
Information and communication technologies, digital technologies
procedure/subject/3.30.07
Cybersecurity, cyberspace policy
procedure/subject/3.30.25
International information networks and society, internet
procedure/subject/8.40
Institutions of the Union
procedure/subject/8.40.08
Agencies and bodies of the EU
commission
  • body: EC dg: Informatics commissioner: HAHN Johannes
committees/1
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
committees/1
Old
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
New
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
committees/2
Old
type
Committee Opinion
body
EP
committee_full
Legal Affairs
committee
JURI
associated
False
New
type
Committee Opinion
body
EP
committee_full
Industry, Research and Energy
committee
ITRE
associated
False
committees/4
type
Committee Opinion
body
EP
committee_full
Budgets
committee
BUDG
associated
False
committees/4/opinion
False
docs/0
date
2022-03-22T00:00:00
docs
title: COM(2022)0119
summary
type
Legislative proposal
body
EC
events/0
date
2022-03-22T00:00:00
type
Legislative proposal published
body
EC
docs
title: COM(2022)0119
summary
procedure/subject/2.80
Cooperation between administrations
procedure/subject/3.30.06
Information and communication technologies, digital technologies
procedure/subject/3.30.07
Cybersecurity, cyberspace policy
procedure/subject/3.30.25
International information networks and society, internet
procedure/subject/8.40
Institutions of the Union
procedure/subject/8.40.08
Agencies and bodies of the EU
docs/0/summary
  • PURPOSE: to establish rules with a view to achieving a common high level of security for EU classified information and for non-classified information handled and stored by the EU institutions and bodies.
  • PROPOSED ACT: Regulation of the European Parliament and of the Council.
  • ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
  • BACKGROUND: given the ever-increasing volumes of non-classified sensitive information and EU classified information (EUCI) that the EU institutions and bodies have to share, and due to the dramatically evolving threats, the EU administration is exposed to attacks in all its areas of activity. The information handled by the EU institutions and bodies is of great interest to malicious actors and needs to be properly protected, which requires swift action to improve its protection.
  • Currently, the EU institutions and bodies either have their own rules on information security, based on their Rules of Procedure or their founding acts, or they have no rules at all. The lack of a common approach hinders the deployment of common tools building on an agreed set of rules depending on the security needs of the information to be protected.
  • Therefore, and in order to increase the protection of the information handled by the European administration, this initiative aims to streamline the different legal frameworks of the Union institutions and bodies in the field by:
  • - establishing harmonised and comprehensive categories of information, as well as common handling rules for all Union institutions and bodies,
  • - setting up a lean cooperation scheme on information security between Union institutions and bodies able to foster a coherent information security culture across the European administration,
  • - modernising the information security policies at all levels of classification/categorisation, for all Union institutions and bodies, taking into account the digital transformation and the development of teleworking as a structural practice.
  • This initiative is part of the EU strategy for the Security Union adopted by the Commission on 24 July 2020 and is part of a broad set of EU policies in the field of security and information security.
  • CONTENT: the proposed Regulation is intended to create a minimum set of rules on information security applicable to all EU institutions and bodies. It applies to all information handled and stored by the Union institutions and bodies, including information related to the European Atomic Energy Community activities, other than Euratom classified information. The Regulation covers both non-classified information and EUCI.
  • Security governance and organisation
  • The proposal foresees the creation of an inter-institutional information security coordination group in which the security authorities of all EU institutions and bodies would be represented. The coordination group would have the task of defining the common policy of these institutions and bodies in the field of information security. It should enhance the coherence of policies in the field of information security and contribute to the harmonisation of information security procedures and tools across the Union institutions and bodies.
  • The coordination group should draft guidance documents and create platforms for sharing best practices and knowledge on common issues relevant to information security and for providing assistance in case of information security incidents. It would regularly exchange with the national security authorities of the Member States, gathered in an Information Security Committee .
  • Five sub-groups of experts representing different institutions and bodies would be set up to streamline procedures and other practical aspects of information security.
  • Each EU institution or body would be required to designate a security authority , responsible for the definition and implementation of internal information security policies.
  • Information assurance and communication and information systems
  • The proposed Regulation establishes a sub-group on information assurance with the objective of enhancing the coherence across the Union institutions and bodies between the information security rules and the cybersecurity baseline as defined by the Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union.
  • Non-classified information
  • The Regulation provides for three categories of non-classified information: (1) information for public use, (2) normal information and (3) sensitive non-classified information. All categories are defined, while markings and handling conditions are stipulated for protecting such information.
  • With a view to coordinating the work on equivalence between particular categories established by some Union institutions and bodies and common categories provided by the Regulation, the proposal sets up a sub-group on non-classified information.
  • Classified information (EUCI)
  • The section on general provisions provides for four levels of EUCI : (1) TRES SECRET UE/EU TOP SECRET, (2) SECRET UE/EU SECRET, (3) CONFIDENTIEL UE/EU CONFIDENTIAL, (4) RESTREINT UE/EU RESTRICTED. It also provides for an obligation of Union institutions and bodies to take the necessary security measures in accordance with the results of an information security risk management process.
  • The proposal also covers aspects of personnel security, physical security, EUCI management, protection in information and communication systems, industrial security, EUCI sharing and exchange of classified information.
  • The proposed regulation establishes sub-groups on information assurance, on non-classified information, on physical security, on accreditation of communication and information systems handling and storing EUCI and on EUCI sharing and exchange of classified information.
events
  • date: 2022-04-04T00:00:00 type: Committee referral announced in Parliament, 1st reading body: EP
procedure/dossier_of_the_committee
  • LIBE/9/08703
procedure/stage_reached
Old
Preparatory phase in Parliament
New
Awaiting committee decision